responding to CL comments

golang · Jan 23, 2024 · e15136c · e15136c
1 parent 7eef773
commit e15136c
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 71 deletions.
diff --git a/google/externalaccount/aws.go b/google/externalaccount/aws.go
@@ -257,12 +257,12 @@ func (rs *awsRequestSigner) generateAuthentication(req *http.Request, timestamp
 }
 
 type awsCredentialSource struct {
-	EnvironmentID                  string
-	RegionURL                      string
-	RegionalCredVerificationURL    string
-	CredVerificationURL            string
-	IMDSv2SessionTokenURL          string
-	TargetResource                 string
+	environmentID                  string
+	regionURL                      string
+	regionalCredVerificationURL    string
+	credVerificationURL            string
+	imdsv2SessionTokenURL          string
+	targetResource                 string
 	requestSigner                  *awsRequestSigner
 	region                         string
 	ctx                            context.Context
@@ -312,8 +312,8 @@ func (cs awsCredentialSource) credentialSourceType() string {
 
 func (cs awsCredentialSource) subjectToken() (string, error) {
 	// Set Defaults
-	if cs.RegionalCredVerificationURL == "" {
-		cs.RegionalCredVerificationURL = defaultRegionalCredentialVerificationUrl
+	if cs.regionalCredVerificationURL == "" {
+		cs.regionalCredVerificationURL = defaultRegionalCredentialVerificationUrl
 	}
 	if cs.requestSigner == nil {
 		headers := make(map[string]string)
@@ -345,16 +345,16 @@ func (cs awsCredentialSource) subjectToken() (string, error) {
 
 	// Generate the signed request to AWS STS GetCallerIdentity API.
 	// Use the required regional endpoint. Otherwise, the request will fail.
-	req, err := http.NewRequest("POST", strings.Replace(cs.RegionalCredVerificationURL, "{region}", cs.region, 1), nil)
+	req, err := http.NewRequest("POST", strings.Replace(cs.regionalCredVerificationURL, "{region}", cs.region, 1), nil)
 	if err != nil {
 		return "", err
 	}
 	// The full, canonical resource name of the workload identity pool
 	// provider, with or without the HTTPS prefix.
 	// Including this header as part of the signature is recommended to
 	// ensure data integrity.
-	if cs.TargetResource != "" {
-		req.Header.Add("x-goog-cloud-target-resource", cs.TargetResource)
+	if cs.targetResource != "" {
+		req.Header.Add("x-goog-cloud-target-resource", cs.targetResource)
 	}
 	cs.requestSigner.SignRequest(req)
 
@@ -401,11 +401,11 @@ func (cs awsCredentialSource) subjectToken() (string, error) {
 }
 
 func (cs *awsCredentialSource) getAWSSessionToken() (string, error) {
-	if cs.IMDSv2SessionTokenURL == "" {
+	if cs.imdsv2SessionTokenURL == "" {
 		return "", nil
 	}
 
-	req, err := http.NewRequest("PUT", cs.IMDSv2SessionTokenURL, nil)
+	req, err := http.NewRequest("PUT", cs.imdsv2SessionTokenURL, nil)
 	if err != nil {
 		return "", err
 	}
@@ -442,11 +442,11 @@ func (cs *awsCredentialSource) getRegion(headers map[string]string) (string, err
 		return getenv("AWS_DEFAULT_REGION"), nil
 	}
 
-	if cs.RegionURL == "" {
+	if cs.regionURL == "" {
 		return "", errors.New("oauth2/google: unable to determine AWS region")
 	}
 
-	req, err := http.NewRequest("GET", cs.RegionURL, nil)
+	req, err := http.NewRequest("GET", cs.regionURL, nil)
 	if err != nil {
 		return "", err
 	}
@@ -518,7 +518,7 @@ func (cs *awsCredentialSource) getSecurityCredentials(headers map[string]string)
 func (cs *awsCredentialSource) getMetadataSecurityCredentials(roleName string, headers map[string]string) (AwsSecurityCredentials, error) {
 	var result AwsSecurityCredentials
 
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/%s", cs.CredVerificationURL, roleName), nil)
+	req, err := http.NewRequest("GET", fmt.Sprintf("%s/%s", cs.credVerificationURL, roleName), nil)
 	if err != nil {
 		return result, err
 	}
@@ -548,11 +548,11 @@ func (cs *awsCredentialSource) getMetadataSecurityCredentials(roleName string, h
 }
 
 func (cs *awsCredentialSource) getMetadataRoleName(headers map[string]string) (string, error) {
-	if cs.CredVerificationURL == "" {
+	if cs.credVerificationURL == "" {
 		return "", errors.New("oauth2/google: unable to determine the AWS metadata server security credentials endpoint")
 	}
 
-	req, err := http.NewRequest("GET", cs.CredVerificationURL, nil)
+	req, err := http.NewRequest("GET", cs.credVerificationURL, nil)
 	if err != nil {
 		return "", err
 	}

diff --git a/google/externalaccount/basecredentials.go b/google/externalaccount/basecredentials.go
@@ -176,9 +176,9 @@ func (c *ExternalAccountConfig) parse(ctx context.Context) (baseCredentialSource
 
 	if c.AwsSecurityCredentialsSupplier != nil {
 		awsCredSource := awsCredentialSource{
-			RegionalCredVerificationURL:    c.CredentialSource.RegionalCredVerificationURL,
+			regionalCredVerificationURL:    c.CredentialSource.RegionalCredVerificationURL,
 			awsSecurityCredentialsSupplier: c.AwsSecurityCredentialsSupplier,
-			TargetResource:                 c.Audience,
+			targetResource:                 c.Audience,
 		}
 		return awsCredSource, nil
 	} else if c.SubjectTokenSupplier != nil {
@@ -190,15 +190,15 @@ func (c *ExternalAccountConfig) parse(ctx context.Context) (baseCredentialSource
 			}
 
 			awsCredSource := awsCredentialSource{
-				EnvironmentID:               c.CredentialSource.EnvironmentID,
-				RegionURL:                   c.CredentialSource.RegionURL,
-				RegionalCredVerificationURL: c.CredentialSource.RegionalCredVerificationURL,
-				CredVerificationURL:         c.CredentialSource.URL,
-				TargetResource:              c.Audience,
+				environmentID:               c.CredentialSource.EnvironmentID,
+				regionURL:                   c.CredentialSource.RegionURL,
+				regionalCredVerificationURL: c.CredentialSource.RegionalCredVerificationURL,
+				credVerificationURL:         c.CredentialSource.URL,
+				targetResource:              c.Audience,
 				ctx:                         ctx,
 			}
 			if c.CredentialSource.IMDSv2SessionTokenURL != "" {
-				awsCredSource.IMDSv2SessionTokenURL = c.CredentialSource.IMDSv2SessionTokenURL
+				awsCredSource.imdsv2SessionTokenURL = c.CredentialSource.IMDSv2SessionTokenURL
 			}
 
 			return awsCredSource, nil

diff --git a/google/externalaccount/err.go b/google/externalaccount/err.go
diff --git a/google/externalaccount/err_test.go b/google/externalaccount/err_test.go
diff --git a/google/externalaccount/programmaticrefreshcredsource.go b/google/externalaccount/programmaticrefreshcredsource.go
@@ -1,4 +1,4 @@
-// Copyright 2023 The Go Authors. All rights reserved.
+// Copyright 2024 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 

diff --git a/google/externalaccount/programmaticrefreshcredsource_test.go b/google/externalaccount/programmaticrefreshcredsource_test.go
@@ -1,4 +1,4 @@
-// Copyright 2020 The Go Authors. All rights reserved.
+// Copyright 2024 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
@@ -18,12 +18,6 @@ func TestRetrieveSubjectToken_ProgrammaticAuth(t *testing.T) {
 		return "subjectToken", nil
 	}
 
-	oldNow := now
-	defer func() {
-		now = oldNow
-	}()
-	now = setTime(defaultTime)
-
 	base, err := tfc.parse(context.Background())
 	if err != nil {
 		t.Fatalf("parse() failed %v", err)